<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP 5.1.6 or newer
 *
 * @package   CodeIgniter
 * @author    ExpressionEngine Dev Team
 * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
 * @license   http://codeigniter.com/user_guide/license.html
 * @link    http://codeigniter.com
 * @since   Version 1.0
 * @filesource
 */

// ------------------------------------------------------------------------

/**
 * Security Class
 *
 * @package   CodeIgniter
 * @subpackage  Libraries
 * @category  Security
 * @author    ExpressionEngine Dev Team
 * @link    http://codeigniter.com/user_guide/libraries/security.html
 */

class MY_Security {
  /**
   * Filename Security
   *
   * @param string
   * @param   bool
   * @return  string
   */
  public function sanitize_filename($str, $relative_path = FALSE)
  {
    $bad = array(
            "á",
            "../",
            "<!--",
            "-->",
            "<",
            ">",
            "'",
            '"',
            '&',
            '$',
            '#',
            '{',
            '}',
            '[',
            ']',
            '=',
            ';',
            '?',
            "%20",
            "%22",
            "%3c",    // <
            "%253c",  // <
            "%3e",    // >
            "%0e",    // >
            "%28",    // (
            "%29",    // )
            "%2528",  // (
            "%26",    // &
            "%24",    // $
            "%3f",    // ?
            "%3b",    // ;
            "%3d"   // =
          );

    if ( ! $relative_path)
    {
      $bad[] = './';
      $bad[] = '/';
    }

    $str = remove_invisible_characters($str, FALSE);
    return stripslashes(str_replace($bad, '', $str));
  }

}
// END Security Class

/* End of file Security.php */
/* Location: ./system/libraries/Security.php */
